Uncertain Future – Part II – Information Security

Information Security

Not every bad thing can kill you. Oh sure, there are many things that can still ruin your life, but most won’t kill you.

Something that has remarkably changed in last twenty years is something that didn’t exist twenty years before it – online security. The information we publish online about ourselves, the groups we associate with, and even our country, can devastate our lives, or even the lives of people we will never meet. This is so true, that to sign on to read this article, you no doubt had to fill out at least four passwords. Then there is work email, phone keys, banking password, anything associate with a bill, your firewall software (that one’s ironic) and anything with the Apple logo that assumes anyone with fat fingers are criminals and forces you redo your freaking password every single time I try to buy a song… legally (that’ll teach me the punishment for being good.)

In fact, the information that exists in the open is an entire field of spycraft. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. It is the science of gathering executable knowledge to use against someone which they have willingly left available to the world. That’s not true, some of that knowledge could be stolen and published already, without the subject’s knowledge, and certainly without their permission. In my book, The Next Warrior, which deals with exploring the real way technology will change the face of warfare in the next few decades, this concept is explored with a young female spy named Samantha Avery. In 2026, Avery isn’t like the modern day spies, case officers that are employed by the CIA. She sits at a desk and gathers information at her comfortable office outside Washington DC. What makes her special is the ability to find and pool vast databases and other intelligence sources hidden throughout the internet to decipher useful information and patterns her clients are willing to pay desperately for. Why is this special in 2026, when we have Google today? One might only look back to 2006, when there were only 85,507,314 websites in existence. For a better understanding of how much things have changed, as I write, there are 998,253,877[1], just shy of a billion. Sure Google will still be a valuable tool, but as the rest of this section will show you, the information you can access via Google is limited. Beyond the reach of search engines is information hidden in the dark web, databases and forums which house classified, illegal, or personal information that some would pay well to know, or for Avery’s case, just pay well to know what to do with it.

That said, Cyber Security is already a big deal today. The world isn’t waiting for 2026 when Supersleuthes have already mastered the art of unburrying skeletons. Between personal invasions of privacy, to massive breaches of corporate firms and even national governments, the industry surrounding cyber security has exploded to levels we haven’t seen ever. In the future, this will be even more true. When we consider the other answers, which show a future possible (almost certain) marriage between our electronics, communications, cars, homes, and entertainment unseen today, and add with them more levels of privately controlled automated drones, our augmented reality suites, driverless everything; all at work, school, home, and at play, security analysts cringe at the myriad of ways in which these technologies will interlock and overlap – each time creating a new vulnerability and entry into our own private motherload of personal information. In truth, swarm technology and the internet of things is a terrifying concept, because with each new device that enters our sphere of influence, we experience a new breach point to our data, one that hackers can use to enter into our lives.

Take Nicholas Allegra. He’s a hacker who makes a hobby out of defeating Apple’s best and brightest security chiefs.  [2]

“It feels like editing an English paper,” Allegra says simply, his voice croaking as if he just woke up, though we’re speaking at 9:30 pm. “You just go through and look for errors. I don’t know why I seem to be so effective at it.”

Going by the hacker name Comex, Allegra created the JailbreakMe code, which allowed millions of users to upload any applications they wanted to Apple’s infamously restrictive devices. The way he did it was through exploiting a bug in how Apple’s mobile operating system iOS handles PDFs fonts. That allowed him to both locate and repurpose hidden commands. That critical flaw allowed a series of exploits that not only gains… blah, blah, blah, technical nerd jargon. The point is, this kid was able to publish code allowing millions of people to manipulate their phone against the creator’s wishes because of the way the phone read fontson pdfs.

“I spent a lot of time on the polish,” Allegra says with a hint of pride.

As I said before, these sorts of security failures aren’t limited to phones. In the next era of technological revolutions, new methods will open to new exploits in the same way that a 19 year old can crack the world’s safest phone. In a further example of how more tech means more problems, security researcher Nils Rodday is preparing a demonstration for the RSA security conference in San Francisco that will show how he is able to hack and take control of police drones from more than a mile away. [3]

“…flaws in the security of a $30,000 to $35,000 drone’s radio connection allow him to take full control over the quadcopter with just a laptop and a cheap radio chip connected via USB. By exploiting a lack of encryption between the drone and its controller module known as a “telemetry box,” any hacker who’s able to reverse engineer the drone’s flight software can impersonate that controller to send navigation commands, meanwhile blocking all commands from the drone’s legitimate operator.

I’m just going to take this opportunity to remind people that these things exist, and leave it at that.

Personally, I’m just glad people like Nils Rodday and Comex aka Nicholas Allegra are at worst chaotic good, working for the betterment of us all through nefarious means, rather than a full on evil geniuses.

There are, however, lots of evil people on the internet and many of these people want to do you great harm, or at least, have no concern for your well being as they attempt to make a better life for themselves. Whether it is because of a lone wolf cyber idealist like Comex; a community of hackers with motivations ranging from patriotism, sexism, anarchism, or just for the lulz; corporate hackers out to steal your money; or national hackers out to bring down the power grid, the internet is growing a more dangerous place, and Wall Street knows it.

HACK, the exchange-traded fund bundling 30 cyber security companies, has seen quite a year for just these reasons. Last year, following a spree of high profile hacks across several industries, the fund skyrocketed, increasing in value nearly 30% in only six months to over a $1 billion market cap. [4] Since June, the value in the fund has receded, along with the entire sector. Since the downturn, however, these security companies are coming together, literally, to shake up the security industry again. In the last quarter, niche security companies that weren’t able to compete on their own, are merging together and with much larger firms to solve problems some thought we wouldn’t have cracked for another decade, along with others, no one predicted.

Last year, there were 133 security M&A deals, up from 105 in 2014, according to 451 Research’s February report on the tech outlook for 2016.  Its recent survey of investment bankers showed that security is expected to have the most M&A activity this year, surpassing mobile technology for the first time in six years.

What this means is that many of today’s fears and concerns for tomorrow are getting a lot of attention, and new methods to solve them are gathering steam and energy to attempt the mitigate the flood of invasions expected in the next two decades. One of the biggest leaders in this is a company you know well. Microsoft is shoring up their defense against cyberattacks by purchasing many of these fledgling firms into their corporate umbrella, creating several new layers between its customers (along with itself) and would be hackers.  [5] The majority of the new additions came from startups that didn’t really have a place in the industry, solving problems too specific to truly go it on their own, but filled with good ideas and brilliant people. Microsoft’s recent acquisitions have been intended to add new capabilities, as well as new minds to the brain pool of Seattle. The hope is that, as these new units are integrated, the company will be capable of creating value and new technologies that will keep Microsoft and its users secure for at least the span of this question.

So here’s the real question: What exactly is it that Microsoft is so afraid of? Throughout this answer, I’ll attempt to explain some the risks that have the world’s largest tech firms, and even the world’s largest nations, preparing for a battle that we all need them to win. We will start off small with things that can only ruin your life, and then work up to the stuff that can legitimately break the world.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s